IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Patent Application 

Inventors: Sarvar PATEL 

I Docket No.: 2925-0161 P 

£ Lucent Case No.: PATEL 7 

3 Title: METHOD FOR TWO PARTY AUTHENTICATION AND KEY 

° AGREEMENT 

ASSISTANT COMMISSIONER FOR PATENTS Date: July 31. 1998 

WASHINGTON, D.C. 20231 

Sir: 

Enclosed are the following papers relating to the above-named application for 
patent: 

Specification 

Formal Drawings ( 2 sheets') 
Declaration and Power of Attorney 
Assignment with Cover Letter 



The fee has been calculated as shown below: 



CLAIMS AS FILED 




NO. FILED 


NO. EXTRA 


RATE 


CALCULATIONS 


Total Claims 


22 - 20 = 


2 


x $22. = 


$44.00 


Independent 
Claims 


2 - 3 = 


0 


x $82. = 


■0- 


Multiple Dependent 
Claim(s), if applicable 


x $270. = 


-0- 


BASIC FEE 




$790.00 




TOTAL FEE 


$834.00 




Docket No.: 2925-0161P 
Lucent Case No: Patel 7 



Please file the application and charge Lucent Technologies Deposit Account 

No. 12-2325 the amount of $ 834.00 . to cover the filing fee. Triplicate copies of 
this letter are enclosed. In the event of non-payment or improper payment of a 
required fee, the Commissioner is authorized to charge or to credit Deposit Account 
No. 12-2325 as required to correct the error. 

Please address all correspondence to: 



Telephone inquiries may be directed to the undersigned representative at 
(703) 205-8000. 



BIRCH, STEWART, KOLASCH & BIRCH, LLP 
P.O. Box 747 
Falls Church, Virginia 22040-0747 



Respectfully submitted, 



BIRCH, STEWART, KOLASCH & BIRCH, LLP 




Raymond C. Stewart 
'Reg No. 21,066 



RCS/GDY/jcp 



attorney for Applicant 



2 



METHOD FOR TWO PARTY AUTHENTICATION 
AND KEY AGREEMENT 

RELATED APPLICATIONS 

The following applications, filed concurrently with 
the subject application, are related to the subject 
application and are hereby incorporated by reference in 
their entirety: application no. unknown entitled METHOD 
FOR UPDATING SECRET SHARED DATA IN A WIRELESS 
COMMUNICATION SYSTEM by the inventor of the subject 
application; application no. unknown entitled METHOD FOR 
TRANSFERRING SENSITIVE INFORMATION USING I NT I ALLY 
UNSECURED COMMUNICATION by the inventor of the subject 
application; application no. unknown entitled METHOD FOR 
SECURING OVER-THE-AIR COMMUNICATION IN A WIRELESS SYSTEM 
by the inventor of the subject application; and 
application no. unknown entitled METHOD FOR ESTABLISHING 
A KEY USING OVER-THE-AIR COMMUNICATION AND PASSWORD 
PROTOCOL AND PASSWORD PROTOCOL by the inventor of the 
subject application and Adam Berenzweig. 
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BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

The present invention relates to a method for 
authenticating parties communicating with one another, 
and in one application, a method for authenticating a 
mobile and a network in wireless communication. The 
present invention further relates to a key agreement 
based on the authentication protocol. 

2. Description o f Related Art 

Protocols for authenticating parties communicating 
with one another provide a measure of security to the 
communication. Several such protocols are employed by the 
wireless industry and form part of the different 
communication standards in the U.S., Europe and Japan. 

While the party authentication system and method 
according to the present invention is not limited to 
wireless communication, to promote ease of understanding, 
the present invention will described in the context of a 
wireless system. For this reason, a general overview of 
wireless systems is presented, including a discussion of 
the party authentication protocol used in at least one of 
the standards . 

The U.S. currently utilizes three major wireless 
systems, with differing standards. The first system is a 
time division multiple access system (TDMA) and is 
governed by IS -13 6, the second system is a code division 
multiple access (CDMA) system governed by IS-95, and the 
third is the Advanced Mobile Phone System (AMPS) . All 
three communication systems use the IS-41 standard for 
intersystem messaging, which defines the authentication 
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procedure for call origination, updating the secret shared 
data, and etc. 

Fig.l illustrates a wireless system including an 
authentication center (AC) and a home location register 
(HLR) 10, a visiting location register (VLR) 15, and a 
mobile 20. While more than one HLR may be associated with 
an AC, currently a one-to-one correspondence exists. 
Consequently, Fig. 1 illustrates the HLR and AC as a 
single entity, even though they are separate. Furthermore, 
for simplicity, the remainder of the specification will 
refer to the HLR and AC jointly as the AC/HLR. Also, the 
VLR sends information to one of a plurality of mobile 
switching centers (MSCs) associated therewith, and each 
MSC sends the information to one of a plurality of base 
stations (BSs) for transmission to the mobile. For 
simplicity, the VLR, MSCs and BSs will be referred to and 
illustrated as a VLR. Collectively, the ACs , HLRs , VLRs , 
MSCs, and BSs operated by a network provider are referred 
to as a network. 

A root key, known as the A-key, is stored only in the 
AC/HLR 10 and the mobile 20. There is a secondary key, 
known as Shared Secret Data SSD, which is sent to the VLR 
15 as the mobile roams (i.e., when the mobile is outside 
its home coverage area) . SSD is generated from the A-key 
and a random seed RANDSSD using a cryptographic algorithm 
or function. A cryptographic function is a function which 
generates an output having a predetermined number of bits 
based on a range of possible inputs. A keyed 

cryptographic function (KCF) is a type of cryptographic 
function that operates based on a key; for instance, a 
cryptographic function which operates on two or more 
arguments (i.e., inputs) wherein one of the arguments is 
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the key. From the output and knowledge of the KCF in use, 
the inputs can not be determined unless the key is known. 
Encryption/decryption algorithms are types of 

cryptographic functions. So are one-way functions like 
pseudo random functions (PRFs) and message authentication 
codes (MACs). The expression KCF sk (Rn') represents the KCF 
of the random number R N ' using the session key SK as the 
key. A session key is a key that lasts for a session, 
and a session is a period of time such as the length of a 
call. 

In the IS -41 protocol, the cryptographic function 
used is CAVE (Cellular Authentication and Voice 
Encryption) . When the mobile 20 roams, the VLR 15 in that 
area sends an authentication request to the AC/HLR 10, 
which responds by sending that mobile's SSD. Once the VLR 
15 has the SSD, it can authenticate the mobile 2 0 
independently of the AC/HLR 10. For security reasons, the 
SSD is periodically updated. 

Fig. 2 illustrates the communication between the 
AC/HLR 10, the VLR 15 and the mobile 20 to update the SSD. 
As discussed above, the AC/HLR 10 generates a random 
number seed RANDSSD, and using the CAVE algorithm 
generates a new SSD using the random number seed RANDSSD. 
The SSD is 128 bits long. The first 64 bits serve as a 
first SSD, referred to as SSDA, and the second 64 bits 
serve as a second SSD, referred to as SSDB. As shown in 
Fig. 2, the AC/HLR 10 provides the VLR 15 with the new SSD 
and the RANDSSD. The VLR 15 then sends the RANDSSD to the 
mobile 2 0 along with a session request SR. The session 
request SR instructs the mobile 20 to perform the SSD 
update protocol which is described in detail below. In 
response to receipt of the RANDSSD and the session request 
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SR, the mobile 20 uses the CAVE algorithm to generate the 
new SSD using the RANDSSD, and generates a random number R M 
using a random number generator. The mobile sends the 
random number R M to the VLR 15. The mobile 2 0 also 
performs the CAVE algorithm on the random number R M using 
the new SSDA as the key. This calculation is represented 
by CAVE SSDA (R M ) - 

One of the VLR 15 and the AC/HLR 10, also calculates 
CAVE SSDA (R M ), and sends the result to the mobile 20. The 
mobile 20 authenticates the network if CAVE SSD a(Rm ), which 
it calculated, matches that received from the network. 

Next, and usually after receiving a signal from the 
mobile 20 indicating verification, the VLR 15 generates a 
random number R N , and sends the random number R N to the 
mobile 20. Meanwhile, the VLR calculates CAVE SS da (Rn) • Upon 
receipt of R N , the mobile 2 0 calculates CAVE SS da(Rn) , and 
sends the result to the VLR 15. The VLR 15 authenticates 
the mobile if CAVE SSDA (R N ) , which it calculated, matches 
that received from the mobile 20. The random numbers R M 
and R N are referred to as challenges, while CAVE SS da(Rm ) and 
CAVEssda (Rn) are referred to as challenge responses. Once 
the authentication is complete, the mobile 20 and the 
network generate session keys using SSDB. 

In this protocol, the SSD is itself used to answer 
the challenges from the mobile 2 0 and the network. This 
allows an attack when an old RANDSSD and SSD pair are 
revealed. Knowing this pair is enough to query the 
mobile 20, and answer its challenge. Thus an attacker 
can issue an SSD update to the mobile 20, and answer the 
challenge from the mobile. Once the revealed SSD is 
accepted, and despite a secure session key agreement 
protocol (i.e., a protocol on communication between a 
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mobile and a network to establish a session key) , the 
attacker can impersonate the network and place a call to 
the mobile 20 under fraudulent identities. For example, 
the impersonator can insert his own caller id or name and 
pretend to be someone else. The attacker can pretend to 
be a credit card company, and ask to verify card number 
and pin. Or even use the telephone company name in the 
caller name field and ask to verify calling card numbers, 
etc . 

SUMMARY OF THE INVENTION 

In a two party authentication method according to 
the present invention a first party issues a random 
number as a first challenge, and a second party responds 
with a first challenge response. The first challenge 
response is generated by performing a keyed cryptographic 
function (KCF) on the first challenge and a count value 
using a first key. The second party increments the count 
value upon receipt of the first challenge, and uses the 
count value as a second challenge. The first party 
verifies the second party based on the first challenge 
and receipt of the second challenge and the first 
challenge response. After verification, the first party 
performs the KCF on the second challenge using the first 
key to generate a second challenge response. Based on the 
second challenge and receipt of the second challenge 
response, the second party verifies the first party. 
Using the first and second challenges, an encryption key 
is generated by both parties. In this manner, a different 
key, the first key, from the encryption key is used in 
answering challenges. The present invention has many 
applications including the wireless industry wherein the 
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first and second parties are a network and mobile, 
respectively . 

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will become more fully 
5 understood from the detailed description given below and 
the accompanying drawings which are given by way of 
illustration only, wherein like reference numerals 
designate corresponding parts in the various drawings, and 
wherein: 

10 Fig. 1 is a block diagram illustrating the basic 

components of a wireless system; 

Fig. 2 illustrates the communication between the 
authentication center/home location register, visiting 
location register, and the mobile to update the secret 
15 shared data according to the IS-41 standard; and 

Fig. 3 illustrates the communication between the 
network and the mobile to authenticate these two parties 
according to one embodiment of the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

20 As discussed above, while the party authentication 

system and method according to the present invention is 
not limited to wireless communication, to promote ease of 
understanding, the present invention will described in 
the context of a wireless system. More specifically, the 

25 method or protocol for two party authentication according 
to the present invention will be described as employed by 
the wireless system shown in Fig. 1. 

In contrast to the method or protocol discussed 
above with respect to Figs. 1 and 2, in the method 

30 according to the present invention, the AC/HLR 10 and the 
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mobile 20 also generate another key, referred to as the 
M-key, based on the A-key. For example, the M-key is 
generated by applying a pseudo random function (PRF) 
indexed by the A-key on a value known to the network and 
the mobile 20. A practical PRF is the well-known Data 
Encryption Standard-Cipher Block Chaining (DES-CBC) 
algorithm from NIST (National Institute of Standards) . 
In a preferred embodiment, DES-CBC, indexed by the 64-bit 
A-key on a known value, produces a 64 -bit M-key. 

Fig. 3 illustrates the communication between the 
network and the mobile 20 to authenticate these two 
parties according to one embodiment of the present 
invention. As shown, the VLR 15 acts as a conduit for 
communication between the AC/HLR 10 and the mobile 20. 
More specifically, the authentication protocol according 
to the present invention is performed between the AC and 
the mobile 20. 

As shown, one party, the AC/HLR 10, generates and 
sends a random number R N to the other party, the mobile 20. 
Typically, the AC/HLR 10, in addition to sending the 
random number R N , sends a session request SR specifying the 
type of protocol to be performed. Protocol types include, 
for example, call origination, secret shared data (SSD) 
update, call termination, and mobile registration. 

In response, the mobile 2 0 generates a count value C M , 
and performs a KCF on the random number R N , the count value 
C„. Type data, and id data ID M using the M-key as the key. 
This calculation is represented a KCF M - K e y (Type, ID M , C M , 
R N ) . Preferably, the KCF is a keyed message authentication 
code such as HMAC, but could be a PRF such as DES-CBC. The 
mobile 2 0 includes a counter which generates the count 
value C M . The mobile 2 0 increments the count value C M prior 
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to generating the challenge response (i.e., KCF M - K ey (Type, 
ID M , C m , Rn) ) to each challenge from the network. 

The Type data represents the type of protocol being 
performed. The id data indicates that the communication 
issued from the mobile. Usually, id data 1 indicates that 
the communication is from the network, and id data 0 
indicates that the communication came from the mobile. For 
the purposes of discussion, however, the id data for the 
mobile 2 0 is shown as ID M and the id data for the network 
is shown as ID N . The system and method for two party 
authentication does not require the inclusion of the Type 
data when performing the KCF on the random number R N and 
the count value C„. The Type data and the specific id data 
have been included as part of the application of the two 
party authentication method and system to a wireless 
system. 

The mobile 20 sends count value C M and KCF M - K ey (Type , 
ID M , Cm , Rn) to the network. Because the AC/HLR 10 

initiated the current protocol including the two party 
authentication protocol according to the present 
invention, the AC/HLR 10 knows the Type data. Also, 
because communication from mobiles include the same id 
data, this value is known by the AC/HLR 10 as well. 
Accordingly, based on the received count value C M , the 
AC/HLR 10 calculates KCF„. K ey (Type , ID M , C M , R N ) and 
determines whether this calculated value matches the 
version received from the mobile 20. If a match is found, 
the AC/HLR 10 authenticates the mobile 20. 

Once the mobile 2 0 has been verified, the AC/HLR 10 
calculates KCF M -Key (Type , IDn, C m ) , and sends the calculated 
result to the mobile 20. The mobile 20, meanwhile, 
calculates KCF M _ Key (Type , ID N , C„ ) as well. The mobile 20 



10 Atty Docket No. 2925- 16 IP 

then verifies whether the calculated version of KCF M . 
Key(Type, ID N C M ) matches the version received from the 
AC/HLR 10. If a match is found, the mobile 20 
authenticates the network. 

Furthermore, after performing this two party- 
authentication protocol, other keys can be generated. For 
instance, if the wireless system of Fig. 1 used this two 
party authentication protocol as part of the SSD update 
protocol, then, after the mobile 2 0 authenticates the 
network, the mobile 2 0 and the AC/HLR 10 both have the 
random number R N and the count value C M . Both the mobile 
2 0 and AC/HLR 10 generate the SSD as PRF A _ K ey(C M ,R N ) ; 
wherein the PRF is preferably the DES-CBC algorithm. 
Alternatively, in other protocols, this same technique is 
used to generate other keys . 

When applied to a wireless system, the mobile 2 0 
needs to store the count value C M in semi -permanent memory 
so that during power down, the count value C M is not re- 
initialized. This way, repetition of a count value is 
prevented; repetition of the count value permits an 
attacker to prevail in his attack. In a preferred 
embodiment, the count value is initialized using a random 
number and generated using a large bit counter such as a 
64 or 75 bit counter. This provides security even when the 
mobile 20 crashes and loses the stored count value. Even 
if an attacker can cause a mobile to crash at will, and 
assuming it takes at least a second to initiate a session, 
it will take, for example, a year before the attacker 
manages to have the mobile repeat a count value when a 75 
bit counter is used. 

As a further alternative, instead of a sending a 
unique random number R N/ the initiating party (e.g., the 
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network) issues a global random number. Namely, for each 
communication, the initiating party issues a different, 
unique random number R N in the embodiment of Fig. 3. 
However, in this alternative embodiment, the initiating 
party issues the same random number R N for each 
communication. 

In the protocol according to the present invention 
the key previously established between the parties (e.g., 
A-key or SSD) is not used to answer challenges, and thus 
the network impersonation problem discussed with respect 
to IS41 is not possible. Furthermore, even if the M-key is 
revealed to an attacker, there is no direct way to obtain 
the A-key therefrom because a one-way function was used to 
generate the M-key. Because an attacker uses prior 
challenges and challenge responses when mounting an 
attack, such an attack will fail if made on the protocol 
according to the present invention. The reason is that 
the attacker will be using a challenge response based on 
an old count value. Consequently, the network will not 
verify the attacker. Further, keys generated after 
authentication as discussed above will be generated by the 
PRF of the new challenge using the A-key, and the attacker 
does not know the A-key. 

The invention being thus described, it will be 
obvious that the same may be varied in many ways. Such 
variations are not to be regarded as a departure from the 
spirit and scope of the invention, and all such 
modifications are intended to be included within the 
scope of the following claims. 
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WTTAT IS CLAIMED 



1 1. A method for authenticating a first party at a 

2 second party, comprising: 

3 (a) receiving a random number from said first party 

4 as a first challenge; 

5 (b) incrementing a count value in response to 

6 receiving said first challenge; 

7 (c) generating a first challenge response by 

8 performing a keyed cryptographic function (KCF) on said 

9 first challenge and said count value using a first key; 

10 (d) transferring said count value, as a second 

11 challenge, and said first challenge response to said 

12 first party; 

13 ( e ) receiving a second challenge response from said 

14 first party, said second challenge response being a 

15 result of performing said KCF on said second challenge 

16 using said first key; and 

17 (f) verifying said first party based on said second 

18 challenge and said second challenge response. 

1 2. The method of claim 1, prior to said step (c) , 

2 further comprising: 

3 (g) generating said first key using a root key. 

1 3. The method of claim 1, wherein said step (c) 

2 generates said first challenge response by performing 

3 said KCF on said first challenge, said count value, and 

4 an identifier for said second party using said first key. 



1 



4. The method of claim 1, further comprising: 



13 Atty Docket No. 2925- 16 IP 

2 (g) establishing a second key based on said first 

3 and second challenges. 

1 5. The method of claim 1, wherein said step (a) 

2 eceives a global challenge as said first challenge from 

3 said first party. 

1 6. The method of claim 1, wherein said first party 

2 is a network of a wireless system and said second party 

3 is a mobile. 

1 7. The method of claim 6, wherein said step (c) 

2 generates said first challenge response by performing 

3 said KCF on said first challenge, said count value and 

4 type data using said first key, said type data indicating 

5 a type of protocol being performed by said network and 

6 said mobile. 

1 8. The method of claim 6, wherein said step (c) 

2 generates said first challenge response by performing 

3 said KCF on said first challenge, said count value, an 

4 identifier for said mobile, and type data using said 

5 first key, said type data indicating a type of protocol 

6 being performed by said network and said mobile. 

1 9. The method of claim 6, further comprising: 

2 (g) establishing a second key based on said first 

3 and second challenges. 



1 10. The method of claim 9, wherein said second key 

2 is one of secret shared data and a session key. 
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1 11. The method of claim 6, wherein said step (b) 

2 increments said count value using a bit counter of 

3 greater than 64 bits and which was initialized using a 

4 random number. 

1 12 . A method for authenticating a first party at a 

2 second party, comprising: 

3 (a) outputting a random number as a first challenge; 

4 (b) receiving a second challenge and a first 

5 challenge response from said first party, said second 

6 challenge being a count value, and said first challenge 

7 response being a result of performing a keyed 

8 cryptographic function (KCF) on said first challenge and 

9 said count value using a first key; and 

10 (e) verifying said first party based on said first 

11 challenge, said second challenge, and said first 

12 challenge response. 

1 13. The method of claim 12, further comprising: 

2 (f) establishing a second key based on said first 

3 and second challenges. 

1 14. The method of claim 12, wherein said step (a) 

2 outputs said first challenge as a global challenge. 

1 15. The method of claim 12, wherein said first party 

2 is a mobile of a wireless system and said second party is 

3 a network. 



1 



16. The method of claim 15, further comprising: 
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2 (f) establishing a second key based on said first 

3 and second challenges. 

1 17. The method of claim 16, wherein said second key 

2 is one of secret shared data and a session key. 

1 18. The method of claim 12, further comprising: 

2 (f) generating a second challenge response by 

3 performing said KCF on said second challenge using said 

4 first key; and 

5 (g) transferring said second challenge response to 

6 said second party. 

1 19. The method of claim 18, wherein said step (f) 

2 generates said second challenge response by performing 

3 said KCF on said second challenge and an identifier for 

4 said second party using said first key. 

1 20. The method of claim 18, wherein said first party 

2 is a mobile of a wireless system and said second party is 

3 a network. 

1 21. The method of claim 20, wherein said step (f) 

2 generates said second challenge response by performing 

3 said KCF on said second challenge and type data using 

4 said first key, said type data indicating a type of 

5 protocol being performed by said network and said mobile. 
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1 22. The method of claim 20, wherein said step (f) 

2 generates said second challenge response by performing 

3 said KCF on said second challenge, an identifier for said 

4 network, and type data using said first key, said type 

5 data indicating a type of protocol being performed by 

6 said network and said mobile. 
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ABSTRACT OF THE DISCLOSURE 

According to the two party authentication method, a 
first party generates and transfers a random number to a 
second party as a first challenge. The second party 
increments a count value in response to the first 
challenge, generates a first challenge response by 
performing a keyed cryptographic function (KCF) on the 
first challenge and the count value using a first key, 
and transfers the count value, as a second challenge, and 
the first challenge response to the first party. The 
first party verifies the second party based on the first 
challenge, the second challenge and the first challenge 
response. The first party also generates a second 
challenge response by performing the KCF on the second 
challenge using the first key, and transfers the second 
challenge response to the second party. The second party 
verifies the first party based on the second challenge 
and the second challenge response. For instance, the 
first and second parties can be a network and mobile, 
respectively, in a wireless system. Also, based on the 
first and second challenges, both the first and second 
parties may generate another key. 
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Declaration and Power of Attorney 
(sole inventor) 
Docket No.: 2925-0161P 
Lucent Case No.: Patel 7 



Please address all correspondence to BIRCH, STEWART. KOLASCH & BIRCH LLP P.O. Box 747. 
Falls Church, Virginia 22040-0747 (Mailing Address) or 8110 Gatehouse Road, Suite Fahs 
Church Virginia 22042 (Delivery Address). Telephone calls should be made to BIRCH, stewaw i , 
KOLASCH & BIRCH, LLP by dialing (703) 205-8000, in the Washington. D.C. area. 



Full name of so!e inventor: 5flrva7 PATEL 



By: . 

Date: ?\m I 



Inventor's signature 
Residence: 



City/Couhty, State 
Post Office Address; 



^ntviH«/M»frk .NEW JERSEY- 



34 Milter 1 ans Montville NEW JERSEY 07045. 
Street/P.0. Box, City, State, Zip 



Citizenship: USA 
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